A curated list of "just read the code bro" resources.
0x52:
- His Auditing Strategy (Discord thread)
- Audit Notes (GitHub repo)
- Auditing math heavy functions (X post)
- Taking a break during the audit (X post)
- How to become a smart contract auditor (blog article)
- How could I have found that faster? (X post)
- How to read reports (X post)
- Thinking about what an implementation should look like (X post)
- Mindsets of Auditing (video)
- Audit methodologies are overrated (X thread)
Juan:
- How I find vulnerabilities in smart contracts (X article)
- MiloTruck Interview - 2 Hours of PURE Smart Contract Auditing ALPHA (video)
- Web3 Security Contests With Milotruck (video)
- Old Smart Contract Audit Methodology (Readme)
- His auditing approach (Discord thread)
- Auditing Smart Contracts - Security Review of Ethereum Applications (video)
- Smart Contracts Risk Analysis and Flash Loan Exploits - Ethereum Security (video)
- How to look where test coverage is lacking (X post)
- First, list every entry point a user can interact with (X post)
- The Auditing Process (blog article)
- Everything you need to know about the audit process, combined into a single handbook (X thread)
- Complete Smart Contract Auditing System (video)
- How To Find SO Many Criticals You Get Bored Of Auditing (video)
- Live Audit Series (videos)
- Audit With Me | Live Codehawks Contest (video)
- [LIVE] How To Find Vulnerabilities In Audit Contests - GTDA | C4 Contest (video)
Phil:
- Auditing Step By Step: Part 1 (X thread)
- Finding Ways To Break Smart Contracts (Auditing: Part 2) (X thread)
- Question until it crashes (blog article)
- Top Web3 Security Researcher Gives you his EXACT Audit Process | Damn Vulnerable DeFi creator Tincho (video)
- Intense concentration is key (X post)
- trust_90: NSO Group Hacker turned Web3 Security Researcher (video)
- When you open a smart contract in your favorite editor, what do you see? (X thread)
- Reporting tips (X post)
- don't look for bugs, look for vulnerabilities (X post)
- searcher & researcher (X post)
- Audit Process (X thread)
- Zach Obront: Winning Audit Contests & Crushing Bug Bounties (video)
- Anytime I don't catch an issue (X post)
Other:
- Art Of Auditing (blog articles)
- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Part I (book)